| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CONTENT_PUBLIC_BROWSER_SSL_HOST_STATE_DELEGATE_H_ | 5 #ifndef CONTENT_PUBLIC_BROWSER_SSL_HOST_STATE_DELEGATE_H_ |
| 6 #define CONTENT_PUBLIC_BROWSER_SSL_HOST_STATE_DELEGATE_H_ | 6 #define CONTENT_PUBLIC_BROWSER_SSL_HOST_STATE_DELEGATE_H_ |
| 7 | 7 |
| 8 #include <memory> | 8 #include <memory> |
| 9 | 9 |
| 10 #include "base/memory/ref_counted.h" | 10 #include "base/memory/ref_counted.h" |
| 24 // strategy for certificate decisions or it may be left unimplemented to use a | 24 // strategy for certificate decisions or it may be left unimplemented to use a |
| 25 // default strategy of not remembering decisions at all. | 25 // default strategy of not remembering decisions at all. |
| 26 class SSLHostStateDelegate { | 26 class SSLHostStateDelegate { |
| 27 public: | 27 public: |
| 28 // The judgements that can be reached by a user for invalid certificates. | 28 // The judgements that can be reached by a user for invalid certificates. |
| 29 enum CertJudgment { | 29 enum CertJudgment { |
| 30 DENIED, | 30 DENIED, |
| 31 ALLOWED | 31 ALLOWED |
| 32 }; | 32 }; |
| 33 | 33 |
| 34 // The types of nonsecure subresources that this class keeps track of. |
| 35 // |
| 36 // TODO(estark): Currently, MIXED_CONTENT is used for all insecure |
| 37 // content, as SSLManager/SSLPolicy do not separate signals for mixed |
| 38 // content from signals for subresources with cert errors. Fixing this |
| 39 // is in progress as part of https://crbug.com/634171. |
| 40 enum InsecureContentType { |
| 41 // A MIXED subresource was loaded over HTTP on an HTTPS page. |
| 42 MIXED_CONTENT, |
| 43 // A CERT_ERRORS subresource was loaded over HTTPS with certificate |
| 44 // errors on an HTTPS page. |
| 45 CERT_ERRORS_CONTENT, |
| 46 }; |
| 47 |
| 34 // Records that |cert| is permitted to be used for |host| in the future, for | 48 // Records that |cert| is permitted to be used for |host| in the future, for |
| 35 // a specified |error| type. | 49 // a specified |error| type. |
| 36 virtual void AllowCert(const std::string&, | 50 virtual void AllowCert(const std::string&, |
| 37 const net::X509Certificate& cert, | 51 const net::X509Certificate& cert, |
| 38 net::CertStatus error) = 0; | 52 net::CertStatus error) = 0; |
| 39 | 53 |
| 40 // Clear all allow preferences. | 54 // Clear all allow preferences. |
| 41 virtual void Clear() = 0; | 55 virtual void Clear() = 0; |
| 42 | 56 |
| 43 // Queries whether |cert| is allowed for |host| and |error|. Returns true in | 57 // Queries whether |cert| is allowed for |host| and |error|. Returns true in |
| 44 // |expired_previous_decision| if a previous user decision expired immediately | 58 // |expired_previous_decision| if a previous user decision expired immediately |
| 45 // prior to this query, otherwise false. | 59 // prior to this query, otherwise false. |
| 46 virtual CertJudgment QueryPolicy(const std::string& host, | 60 virtual CertJudgment QueryPolicy(const std::string& host, |
| 47 const net::X509Certificate& cert, | 61 const net::X509Certificate& cert, |
| 48 net::CertStatus error, | 62 net::CertStatus error, |
| 49 bool* expired_previous_decision) = 0; | 63 bool* expired_previous_decision) = 0; |
| 50 | 64 |
| 51 // Records that a host has run insecure content. | 65 // Records that a host has run insecure content of the given |content_type|. |
| 52 virtual void HostRanInsecureContent(const std::string& host, int pid) = 0; | 66 virtual void HostRanInsecureContent(const std::string& host, |
| 67 int pid, |
| 68 InsecureContentType content_type) = 0; |
| 53 | 69 |
| 54 // Returns whether the specified host ran insecure content. | 70 // Returns whether the specified host ran insecure content of the given |
| 55 virtual bool DidHostRunInsecureContent(const std::string& host, | 71 // |content_type|. |
| 56 int pid) const = 0; | 72 virtual bool DidHostRunInsecureContent( |
| 73 const std::string& host, |
| 74 int pid, |
| 75 InsecureContentType content_type) const = 0; |
| 57 | 76 |
| 58 // Revokes all SSL certificate error allow exceptions made by the user for | 77 // Revokes all SSL certificate error allow exceptions made by the user for |
| 59 // |host|. | 78 // |host|. |
| 60 virtual void RevokeUserAllowExceptions(const std::string& host) = 0; | 79 virtual void RevokeUserAllowExceptions(const std::string& host) = 0; |
| 61 | 80 |
| 62 // Returns whether the user has allowed a certificate error exception for | 81 // Returns whether the user has allowed a certificate error exception for |
| 63 // |host|. This does not mean that *all* certificate errors are allowed, just | 82 // |host|. This does not mean that *all* certificate errors are allowed, just |
| 64 // that there exists an exception. To see if a particular certificate and | 83 // that there exists an exception. To see if a particular certificate and |
| 65 // error combination exception is allowed, use QueryPolicy(). | 84 // error combination exception is allowed, use QueryPolicy(). |
| 66 virtual bool HasAllowException(const std::string& host) const = 0; | 85 virtual bool HasAllowException(const std::string& host) const = 0; |
| 67 | 86 |
| 68 protected: | 87 protected: |
| 69 virtual ~SSLHostStateDelegate() {} | 88 virtual ~SSLHostStateDelegate() {} |
| 70 }; | 89 }; |
| 71 | 90 |
| 72 } // namespace content | 91 } // namespace content |
| 73 | 92 |
| 74 #endif // CONTENT_PUBLIC_BROWSER_SSL_HOST_STATE_DELEGATE_H_ | 93 #endif // CONTENT_PUBLIC_BROWSER_SSL_HOST_STATE_DELEGATE_H_ |
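Review bot: The comment on `DidHostRunInsecureContent` (new lines 70-75) does not repeat the caveat from the TODO on `InsecureContentType`. While all insecure content is recorded as `MIXED_CONTENT`, a query for `CERT_ERRORS_CONTENT` would presumably return false even when a subresource with certificate errors ran, so a caller that reads false as "no cert-error subresources" would under-report. I would add to the method comment something like `// NOTE: until https://crbug.com/634171 is fixed, only MIXED_CONTENT is recorded, so a false result for CERT_ERRORS_CONTENT is not conclusive.` The callers and implementations are not on this page, so this is inferred from the TODO alone. A smaller wording point: the enum comment says "nonsecure" where the rest of the header says "insecure".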
| OLD | NEW |